Univention Bugzilla – Bug 56957
SMTP Smuggling through Postfix
Last modified: 2024-01-17 13:43:26 CET
Our Postfix version is affected by CVE-2023-51764: https://security-tracker.debian.org/tracker/CVE-2023-51764

In the current configuration it is possible to spoof MAIL FROM (and bypass SPF) by injecting a mail into another: https://www.postfix.org/smtp-smuggling.html

If I read that right, there is a fix available, so we should patch our Postfix versions in UCS 5 and possibly 4.4 and release it.
CVSS score provided by SUSE: https://www.suse.com/security/cve/CVE-2023-51764.html
QA:
- code changes OK
- changelog OK
- advisory OK
- manual OK

-> waiting for jenkins to set verified.
Package was built with
Package: univention-mail-postfix
Version: 14.0.7-1
Branch: ucs_5.0-0
Scope: errata5.0-6

-> jenkins jobs look good
<https://errata.software-univention.de/#/?erratum=5.0x916>